Resilient Tunnel
Issue 4 May 2005 215
Add resilient tunnel
There are four parameters associated with Resilient Tunnel automatic backup mode. They are:
Heartbeat Interval
The time, in seconds, between heartbeat request attempts made by the remote security
gateway to the primary security gateway. Default is 10 seconds.
Heartbeat Retry Limit
The number of times a heartbeat request is sent by the remote security gateway before the
primary security gateway is declared inactive. Default is 3 tries.
Hold Up Time
The time (in seconds) to wait before the remote security gateway attempts to contact the
secondary tunnel endpoint security gateway. This allows for the laten cy of a dial up link,
typically much longer than the heartbeat interval. Default is 0.
Hold Down Time
Wait time between the remote security gateway determining that the primary endpoint
security gateway is able to reconnect, and when the switchover actually occurs. This wait
time ensures that the primary security gateway is stable before switching occurs. Default is
20 seconds.

Prerequisites

Security gateway for the controlling, primary, and secondary end-points must exist. For
instructions, see Configuring a security gatewayon page 57.
A VPN Object that uses the controlling and primary security gateway objects must exist.
For instructions see Creating a new VPN objecton page 136.

To create a resilient tunnel:

1. Move to the Configuration Console window. The Device tabs are displayed.
2. From the Device>Contents column, select the device that is operating as the primary
end-point (see Figure 68).
3. Click the Resilient Tunnel tab to bring it to the front.
4. Click Add to open the Add Resilient Tunnel Device dialog box.
5. From the Select a Device list, select the security gateway that is the secondary end-point.
6. Select the Save as Enabled check box so Resilient Tunnel services begins as soon as the
VSUs are updated.